What started as a simple job interview at Kraken, a well-known cryptocurrency exchange, turned into a spy story straight out of a movie. In early 2025, Kraken’s team interviewed someone calling himself “Steven Smith” for an engineering job. But right away, things didn’t add up. The name he gave in the video call didn’t match the name on his application. Even stranger, his voice kept changing, as if someone else was secretly coaching him during the interview.
Kraken was already on high alert. Other companies had warned them about North Korean hackers trying to sneak into crypto firms by pretending to be job seekers. So when Smith’s email matched one from a list of suspicious addresses, Kraken knew they had to be extra careful. Instead of turning him down right away, they let him move forward in the hiring process. But this was no ordinary interview—they were setting a trap.
Fake Identities and Clues Revealed
Kraken’s security team dug deeper into Smith’s background. They discovered that his resume linked to a GitHub profile connected to an email address that had appeared in an old data leak. More digging showed that the ID he provided had been altered using stolen personal information from someone else.
Crypto Crackdown Backfires: Court Sides with Tornado Cash Users Against Treasury
Even his technical behavior raised red flags. Smith joined video calls using a remote Mac computer and hid his location through a VPN, a tool often used by hackers to stay anonymous. His internet profiles also showed connections to people known to be foreign agents under sanctions.
Kraken’s experts noticed a pattern: these hackers often recycle stolen data and build fake profiles that look real. But little mistakes always give them away. In Smith’s case, the cracks in his story were starting to show.
The Clever Trap That Exposed the Hacker
Kraken wasn’t done yet. They pushed Smith through more interview rounds, but these were designed to catch him off guard. The technical tests included secret tasks to check if he was really who he said he was.
In a final interview, Kraken turned up the pressure. Smith was asked simple but personal questions: Could he show his government ID on camera? Could he describe his neighborhood? Could he name a few local restaurants in the city he claimed to live in?
Smith stumbled. He couldn’t name any restaurants. He struggled to answer questions about his supposed hometown. And he failed to show a valid ID. These mistakes confirmed Kraken’s suspicion: Smith was not an ordinary job applicant. He was a North Korean hacker trying to infiltrate their company.
20 Trillion Operations Per Second—But One Hacker Can Still Ground the F-35
Behind this plot was a larger scheme. North Korea has been using hackers as fake remote workers to attack crypto companies. They steal billions every year, using tricks like fake job listings, made-up resumes, and AI-generated photos to fool employers. Crypto firms are often targets because they deal in digital money and sometimes skip strict identity checks when hiring.
Kraken’s team later found that some of the fake identities linked to Smith had already been hired by other companies. This showed just how serious the threat is. For Kraken, stopping Smith wasn’t just about blocking one hacker—it was about breaking apart an entire network of cybercriminals.
Kraken’s story shows that today, even a simple job interview can turn into a battle against hackers. Their careful investigation helped expose a dangerous plot and stopped a serious security breach before it could happen.